I get a daily security e-mail from my web server alerting me to failed login attempts and other security issues and in the past few weeks (months?) I’ve been getting tens if not hundreds of failed attempts to login to my server. At first I thought I could resolve the issue by blocking the IP addresses in /etc/hosts.allow for the SSH server, but the attempts continued unabated.
My solution was to first turn off root logins by setting the
in /etc/ssh/sshd_config. I should have done that a long time ago, but I hadn’t thought of it until now. My second step was to only allow logins from one group. It’s not ultra-secure and I’m sure there are better ways, but that limits the number of users I have to keep track of who have access to my machine, and for now that’s good enough for me.
I found several other links related to this issue which I’ve included here for your perusal.